Gauntlt: Go Ahead, Be                            Mean to Your CodeTuesday, December 18, 12
Would you vote for this talk                      as the best if...?                       A. If its funny                ...
@wickett                           Sr. DevOps Engineer                           Mentor Graphics,                         ...
A BRIEF HISTORY                           OF INFOSECTuesday, December 18, 12
WE HAD     CINEMATuesday, December 18, 12
WE MADE FREE      PHONE CALLSTuesday, December 18, 12
WE WERE COOLTuesday, December 18, 12
WE COULDN’T STOP THE               VIRUSES AND WORMSTuesday, December 18, 12
INSTEAD OF ENGINEERING               INFOSEC BECAME ACTUARIESTuesday, December 18, 12
“[RISK ASSESSMENT] INTRODUCES A                   DANGEROUS FALLACY: THAT                   STRUCTURED INADEQUACY IS      ...
“IS THIS SECURE?”                           -YOUR CUSTOMERTuesday, December 18, 12
“ITS CERTIFIED”- YOUTuesday, December 18, 12
Tuesday, December 18, 12
NO PAIN, NO GAINTuesday, December 18, 12
Put your code through the GauntletTuesday, December 18, 12
Put your code through the Gauntlet                     Your web app   YouTuesday, December 18, 12
Put your code through the Gauntlet                            generic   w3af                           garmr      sqlmap  ...
GAUNTLT ALLOWS DEV AND               OPS AND SECURITY TO               COMMUNICATETuesday, December 18, 12
install gauntlt                   $ gem install gauntlt                   # download example attacks from github          ...
@slow                                          nmap.attack   Feature: nmap attacks for example.com     Background:       G...
running gauntlt with failing tests        wickett$ gauntlt        @slow        Feature: nmap attacks for example.com      ...
running gauntlt with passing tests        wickett$ gauntlt        @slow        Feature: nmap attacks for example.com      ...
Feature: Run sqlmap against a target                           Scenario: Identify SQL injection vulnerabilities           ...
Feature: Run sqlmap against a target                Scenario: Identify SQL injection vulnerabilities                  Give...
Feature: Run sqlmap against a target                                                 verify                Scenario: Ident...
Feature: Run sqlmap against a target                                                 verify                Scenario: Ident...
Feature: Run sqlmap against a target                           Scenario: Identify SQL injection vulnerabilities           ...
Feature: Run sqlmap against a target                           Scenario: Identify SQL injection vulnerabilities           ...
Feature: Run sqlmap against a target                           Scenario: Identify SQL injection vulnerabilities           ...
Feature: Run sqlmap against a target                           Scenario: Identify SQL injection vulnerabilities           ...
Feature: Run sqlmap against a target                           Scenario: Identify SQL injection vulnerabilities           ...
Feature: Run sqlmap against a target                           Scenario: Identify SQL injection vulnerabilities           ...
Feature: Run sqlmap against a target                           Scenario: Identify SQL injection vulnerabilities           ...
Feature: Run sqlmap against a target                           Scenario: Identify SQL injection vulnerabilities           ...
Given /^"sqlmap" is installed$/ do                             ensure_python_script_installed(sqlmap)                     ...
Given /^"sqlmap" is installed$/ do  step definition             ensure_python_script_installed(sqlmap)                     ...
Given /^"sqlmap" is installed$/ do  step definition             ensure_python_script_installed(sqlmap)      ruby           ...
Given /^"sqlmap" is installed$/ do                             ensure_python_script_installed(sqlmap)                     ...
Given /^"sqlmap" is installed$/ do                             ensure_python_script_installed(sqlmap)                     ...
Given /^"sqlmap" is installed$/ do                             ensure_python_script_installed(sqlmap)                     ...
Supported Tools                   • curl                   • nmap                   • sslyze                   • sqlmap   ...
Try it yourself at                            http://gauntlt.org/                           with the new gauntlt          ...
Upcoming SlideShare
Loading in …5
×

Gauntlt: Go Ahead, Be Mean to your Code

1,149 views

Published on

5 Minute Talk at Austin Cloud User Group on gauntlt.

See http://gauntlt.org

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
1,149
On SlideShare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
4
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Gauntlt: Go Ahead, Be Mean to your Code

  1. 1. Gauntlt: Go Ahead, Be Mean to Your CodeTuesday, December 18, 12
  2. 2. Would you vote for this talk as the best if...? A. If its funny B. If it useful to my job C. Dude, I know you want to win the iPad, you are down to 4 min and 37 seconds, stop surveying and start talking!Tuesday, December 18, 12
  3. 3. @wickett Sr. DevOps Engineer Mentor Graphics, Embedded Software Division CISSP, GWAPT, CCSK, GSEC, GCFW james@gauntlt.org gauntlt.orgTuesday, December 18, 12
  4. 4. A BRIEF HISTORY OF INFOSECTuesday, December 18, 12
  5. 5. WE HAD CINEMATuesday, December 18, 12
  6. 6. WE MADE FREE PHONE CALLSTuesday, December 18, 12
  7. 7. WE WERE COOLTuesday, December 18, 12
  8. 8. WE COULDN’T STOP THE VIRUSES AND WORMSTuesday, December 18, 12
  9. 9. INSTEAD OF ENGINEERING INFOSEC BECAME ACTUARIESTuesday, December 18, 12
  10. 10. “[RISK ASSESSMENT] INTRODUCES A DANGEROUS FALLACY: THAT STRUCTURED INADEQUACY IS ALMOST AS GOOD AS ADEQUACY AND THAT UNDERFUNDED SECURITY EFFORTS PLUS RISK MANAGEMENT ARE ABOUT AS GOOD AS PROPERLY FUNDED SECURITY WORK” - MICHAL ZALEWSKITuesday, December 18, 12
  11. 11. “IS THIS SECURE?” -YOUR CUSTOMERTuesday, December 18, 12
  12. 12. “ITS CERTIFIED”- YOUTuesday, December 18, 12
  13. 13. Tuesday, December 18, 12
  14. 14. NO PAIN, NO GAINTuesday, December 18, 12
  15. 15. Put your code through the GauntletTuesday, December 18, 12
  16. 16. Put your code through the Gauntlet Your web app YouTuesday, December 18, 12
  17. 17. Put your code through the Gauntlet generic w3af garmr sqlmap fuzzers curl sslyze nmap Your web app YouTuesday, December 18, 12
  18. 18. GAUNTLT ALLOWS DEV AND OPS AND SECURITY TO COMMUNICATETuesday, December 18, 12
  19. 19. install gauntlt $ gem install gauntlt # download example attacks from github # customize the example attacks # now you can run gauntlt $ gauntlt # gauntlt looks for *.attack in its # directory Examples > https://github.com/thegauntlet/gauntlt/tree/master/examplesTuesday, December 18, 12
  20. 20. @slow nmap.attack Feature: nmap attacks for example.com Background: Given "nmap" is installed And the following profile: | name | value | | hostname | example.com | | tcp_ping_ports | 22,25,80,443 | Scenario: Verify server is open on expected ports When I launch an "nmap" attack with: """ nmap -F <hostname> """ Then the output should contain: """ 80/tcp open https """ Scenario: Verify that there are no unexpected ports open When I launch an "nmap" attack with: """ nmap -F <hostname> """ Then the output should not contain: """ 25/tcp """Tuesday, December 18, 12
  21. 21. running gauntlt with failing tests wickett$ gauntlt @slow Feature: nmap attacks for example.com Background: Given "nmap" is installed And the following profile: | name | value | | hostname | example.com | | tcp_ping_ports | 22,25,80,443 | Scenario: Verify server is open on expected ports When I launch an "nmap" attack with: """ nmap -F www.example.com """ Then the output should contain: """ 443/tcp open https """ 1 scenario (1 failed) 5 steps (1 failed, 4 passed) 0m18.341sTuesday, December 18, 12
  22. 22. running gauntlt with passing tests wickett$ gauntlt @slow Feature: nmap attacks for example.com Background: Given "nmap" is installed And the following profile: | name | value | | hostname | example.com | | tcp_ping_ports | 22,25,80,443 | Scenario: Verify server is open on expected ports When I launch an "nmap" attack with: """ nmap -F www.example.com """ Then the output should contain: """ 443/tcp open https """ 1 scenario (1 passed) 5 steps (5 passed) 0m18.341sTuesday, December 18, 12
  23. 23. Feature: Run sqlmap against a target Scenario: Identify SQL injection vulnerabilities Given "sqlmap" is installed And the target URL is "http://localhost?id=1" When I launch a "sqlmap" attack with: """ python <sqlmap_path> -u <target_url> """ Then the output should contain: """ sqlmap identified the following injection points """Tuesday, December 18, 12
  24. 24. Feature: Run sqlmap against a target Scenario: Identify SQL injection vulnerabilities Given "sqlmap" is installed setup steps And the target URL is "http://localhost?id=1" When I launch a "sqlmap" attack with: """ python <sqlmap_path> -u <target_url> """ Then the output should contain: """ sqlmap identified the following injection points """Tuesday, December 18, 12
  25. 25. Feature: Run sqlmap against a target verify Scenario: Identify SQL injection vulnerabilities tool Given "sqlmap" is installed setup steps And the target URL is "http://localhost?id=1" When I launch a "sqlmap" attack with: """ python <sqlmap_path> -u <target_url> """ Then the output should contain: """ sqlmap identified the following injection points """Tuesday, December 18, 12
  26. 26. Feature: Run sqlmap against a target verify Scenario: Identify SQL injection vulnerabilities tool Given "sqlmap" is installed setup steps And the target URL is "http://localhost?id=1" When I launch a "sqlmap" attack with: set """ config python <sqlmap_path> -u <target_url> """ Then the output should contain: """ sqlmap identified the following injection points """Tuesday, December 18, 12
  27. 27. Feature: Run sqlmap against a target Scenario: Identify SQL injection vulnerabilities Given "sqlmap" is installed And the target URL is "http://localhost?id=1" When I launch a "sqlmap" attack with: """ python <sqlmap_path> -u <target_url> """ Then the output should contain: """ sqlmap identified the following injection points """Tuesday, December 18, 12
  28. 28. Feature: Run sqlmap against a target Scenario: Identify SQL injection vulnerabilities Given "sqlmap" is installed And the target URL is "http://localhost?id=1" When I launch a "sqlmap" attack with: """ attack! python <sqlmap_path> -u <target_url> """ Then the output should contain: """ sqlmap identified the following injection points """Tuesday, December 18, 12
  29. 29. Feature: Run sqlmap against a target Scenario: Identify SQL injection vulnerabilities Given "sqlmap" is installed And the target URL is "http://localhost?id=1" When I launch a "sqlmap" attack with: """ attack! python <sqlmap_path> -u <target_url> """ env Then the output should contain: param """ sqlmap identified the following injection points """Tuesday, December 18, 12
  30. 30. Feature: Run sqlmap against a target Scenario: Identify SQL injection vulnerabilities Given "sqlmap" is installed And the target URL is "http://localhost?id=1" When I launch a "sqlmap" attack with: """ attack! python <sqlmap_path> -u <target_url> """ env Then the output should contain: get param config """ sqlmap identified the following injection points """Tuesday, December 18, 12
  31. 31. Feature: Run sqlmap against a target Scenario: Identify SQL injection vulnerabilities Given "sqlmap" is installed And the target URL is "http://localhost?id=1" When I launch a "sqlmap" attack with: """ python <sqlmap_path> -u <target_url> """ Then the output should contain: """ sqlmap identified the following injection points """Tuesday, December 18, 12
  32. 32. Feature: Run sqlmap against a target Scenario: Identify SQL injection vulnerabilities Given "sqlmap" is installed And the target URL is "http://localhost?id=1" When I launch a "sqlmap" attack with: """ python <sqlmap_path> -u <target_url> """ Then the output should contain: """ assert sqlmap identified the following injection points """Tuesday, December 18, 12
  33. 33. Feature: Run sqlmap against a target Scenario: Identify SQL injection vulnerabilities Given "sqlmap" is installed And the target URL is "http://localhost?id=1" When I launch a "sqlmap" attack with: """ python <sqlmap_path> -u <target_url> """ Then the output should contain: """ assert sqlmap identified the following injection points """ needleTuesday, December 18, 12
  34. 34. Feature: Run sqlmap against a target Scenario: Identify SQL injection vulnerabilities Given "sqlmap" is installed And the target URL is "http://localhost?id=1" When I launch a "sqlmap" attack with: """ python <sqlmap_path> -u <target_url> """ haystack Then the output should contain: """ assert sqlmap identified the following injection points """ needleTuesday, December 18, 12
  35. 35. Given /^"sqlmap" is installed$/ do ensure_python_script_installed(sqlmap) end When /^I launch an? "sqlmap" attack with:$/ do |command| sqlmap_path = path_to_python_script("sqlmap") command.gsub!(<target_url>, target_url) command.gsub!(<sqlmap_path>, sqlmap_path) run command endTuesday, December 18, 12
  36. 36. Given /^"sqlmap" is installed$/ do step definition ensure_python_script_installed(sqlmap) end When /^I launch an? "sqlmap" attack with:$/ do |command| sqlmap_path = path_to_python_script("sqlmap") command.gsub!(<target_url>, target_url) command.gsub!(<sqlmap_path>, sqlmap_path) run command endTuesday, December 18, 12
  37. 37. Given /^"sqlmap" is installed$/ do step definition ensure_python_script_installed(sqlmap) ruby end When /^I launch an? "sqlmap" attack with:$/ do |command| sqlmap_path = path_to_python_script("sqlmap") command.gsub!(<target_url>, target_url) command.gsub!(<sqlmap_path>, sqlmap_path) run command endTuesday, December 18, 12
  38. 38. Given /^"sqlmap" is installed$/ do ensure_python_script_installed(sqlmap) end When /^I launch an? "sqlmap" attack with:$/ do |command| sqlmap_path = path_to_python_script("sqlmap") command.gsub!(<target_url>, target_url) command.gsub!(<sqlmap_path>, sqlmap_path) run command endTuesday, December 18, 12
  39. 39. Given /^"sqlmap" is installed$/ do ensure_python_script_installed(sqlmap) end When /^I launch an? "sqlmap" attack with:$/ do |command| sqlmap_path = path_to_python_script("sqlmap") step definition command.gsub!(<target_url>, target_url) command.gsub!(<sqlmap_path>, sqlmap_path) run command endTuesday, December 18, 12
  40. 40. Given /^"sqlmap" is installed$/ do ensure_python_script_installed(sqlmap) end When /^I launch an? "sqlmap" attack with:$/ do |command| sqlmap_path = path_to_python_script("sqlmap") step definition command.gsub!(<target_url>, target_url) command.gsub!(<sqlmap_path>, sqlmap_path) run command end executeTuesday, December 18, 12
  41. 41. Supported Tools • curl • nmap • sslyze • sqlmap • Garmr • generic command lineTuesday, December 18, 12
  42. 42. Try it yourself at http://gauntlt.org/ with the new gauntlt video tutorial!Tuesday, December 18, 12

×